FireEye to Acquire nPulse, Adding Network Forensics to Lineup

Announced today, the deal is made up of approximately $60 million in cash and $10 million in stock, and is expected to close in the second quarter.

What makes nPulse an attractive addition to FireEye is technology that enables customers to analyze data rapidly, Dave Merkel, FireEye CTO, told eWEEK. Merkel noted that FireEye's platform started with the Multi-Vector Virtual Execution (MVX) technology to help find and identify attacks. FireEye gained incident response technology with the acquisition of Mandiant earlier this year.

"What nPulse brings is a network forensics component, recording what is going on in a network and making it possible to ask lighting-fast questions about something that may have just transpired," Merkel said.

With nPulse's network forensics, FireEye is now adding visibility into an area that it had previously been missing, as well as reducing the time it takes to find potential security breaches, Merkel said.

nPulse's technology is typically deployed at the edge of the network, collecting information, said Randy Caldejon, CTO and founder of nPulse. The goal of nPulse is to be the authoritative data source for information about network events, he added.

"Our focus is on performance, and we can capture every network packet up to 20G bps," Caldejon told eWEEK. "Not only do we capture everything, but we index all that data in real-time."

The basic idea is to enable IT administrators to get a response to a query within seconds, to quickly identify any potential issues. From a technology perspective, Caldejon said that nPulse has multiple patents filed and built the underlying big data technology.

"We're not using a traditional database; to be able to do something like this truly is a big data problem," Caldejon said. "We developed our own multi-threaded piece of software that allows us to capture and analyze data at 20G-bps rates."

In addition to nPulse, Caldejon is well-known in the open-source world for being a core contributor to the Suricata intrusion prevention system (IPS).

Merkel noted that FireEye already has its own IPS system, though he said it is possible that there could be ideas from Caldejon and his Suricata experience that could benefit FireEye, as well.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.